PREROUTING 169.254.169.254 ..Should not be set on ComputeNode & 500 internal error

I believe that most of testers of OpenStack NOVA will face a problem with instance can ping but failed to SSH.Well , there r many possibilities .

First you can check console output of instance.If your problem is on retrieving metadata , and your topology is like this

Make sure the problem is not on nova-network host. To connect your laptop on Service Network switch then curl 169.254.169.254 . If your laptop could get it , that means nova-network is correct.The problem must on your compute-node

It works fine with the POSTROUGING rule on network node plus routing rule on API node, which redirects vnet traffic to the corresponding network node(I had two, that was the problem).

I learned a lot about network these days.

What I still don't understand is why PREROUTING rule make vnet traffic to pass local network.

On my system, which is VLAN mode,compute node brctl shows br100 has four ports which are vlan100, vnet0 and vnet1. I guess the traffic from vnet0 must go out through ethernet interface according to the PREROUTING rule and routing table.

I'm using VLAN mode and meta-data service works fine with POSTROUTING rule + routing rule on API node.But if I add PREROUTING rule on compute node, it does not work and I don't know the reason. It looks right answer for me for instance to access meta-data server.

Hi Hugo: thank you for your reply:)and i have checked my setting , and br100 is in promics modeand eth0 also bridge to br100.

now i am try to VNC to the instance , but need the password, my instance image is maverick-server-cloudimg-i386.tar.gz. and i have tried ubuntu and ubuntu , but i doesn't work.do you have any idea about this?thanks again.

Hi Hugo: I have logined into the tty instance, it seems the instance is using the public IP, which got from host machines:stty: /dev/consoleudhcpc (v1.17.2) startedSending discover...Sending select for 10.140.xxx.155...Lease of 10.140.xxx.155 obtained, lease time 21600but i think it should be 10.0.0.X. as configured.so how can i block the public IP?so it means i need set the flag inject address?thanks

Hi Hugo: Good morning, sorry for the late response, cause there are some personal things to do at weekend. How to add one more NIC? If physical NIC, i just have one on my hand:). root@tiger-desktop:/var/log# ps -ef|grep dnsnobody 1906 1 0 Aug26 ? 00:00:02 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253 --dhcp-no-override

Our purpose is to provide uninterrupted web services with low cost in OPENSTACK. Due to all instances traffic through Nova-Network host in a basic deployment of NOVA . And it's hard to do HA+LB for Nova-Network. As I know it will be very hard to implement. After read "Bootstrapping OpenStack Clouds" doc writed by DELL....The fault zone concept it much easier and cheaper.

There're three diagrams ....I.Two zones topology , share nothing between each zones. But combine two instance network in same network segment. Zone1 using 192.168.1.0/25, Zone2 using 192.168.1.128/25 . We do not using floating ip. Let instance route from Core Network Switch directly.

This page attempts to enumerate how Nova and Eucalyptus compare Current Status2011-05-23 The latest one clickOpenStack Compare In this topic , administrator should know about features in OpenStack NOVA